<?xmlversion="1.0" encoding="US-ASCII"?>version='1.0' encoding='utf-8'?> <!DOCTYPE rfc SYSTEM"rfc2629.dtd"> <?rfc toc="yes"?> <?rfc tocompact="yes"?> <?rfc tocdepth="3"?> <?rfc tocindent="yes"?> <?rfc symrefs="yes"?> <?rfc sortrefs="yes"?> <?rfc comments="yes"?> <?rfc inline="yes"?> <?rfc compact="yes"?> <?rfc subcompact="no"?>"rfc2629-xhtml.ent"> <rfc number="8706" xmlns:xi="http://www.w3.org/2001/XInclude" category="std" consensus="true" docName="draft-ietf-lsr-isis-rfc5306bis-09" ipr="trust200902"obsoletes="5306">obsoletes="5306" updates="" submissionType="IETF" xml:lang="en" tocInclude="true" symRefs="true" sortRefs="true" version="3"> <!-- xml2rfc v2v3 conversion 2.33.0 --> <front><title abbrev="restart-signalling-for-IS-IS">Restart<title>Restart Signaling for IS-IS</title> <seriesInfo name="RFC" value="8706" /> <author fullname="Les Ginsberg" initials="L." surname="Ginsberg"> <organization>Cisco Systems, Inc.</organization> <address> <postal> <street/> <city/> <code/> <country/> </postal> <email>ginsberg@cisco.com</email> </address> </author> <author fullname="Paul Wells" initials="P." surname="Wells"> <organization>Cisco Systems, Inc.</organization> <address> <postal> <street/> <city/> <region/> <code/> <country/> </postal> <email>pauwells@cisco.com</email> </address> </author> <dateday="19" month="September" year="2019"/>month="February" year="2020"/> <area>Routing</area> <workgroup>IS-IS for IP Internets</workgroup> <keyword>IGP</keyword> <keyword>IS-IS</keyword> <keyword>graceful restart</keyword> <abstract> <t>This document describes a mechanism for a restarting router to signal to its neighbors that it is restarting, allowing them to reestablish their adjacencies without cycling through thedown state,DOWN state while still correctly initiating database synchronization.</t> <t>This document additionally describes a mechanism for a router to signal its neighbors that it is preparing to initiate a restart while maintainingforwarding planeforwarding-plane state. This allows the neighbors to maintain their adjacencies until the router hasrestarted,restarted but also allows the neighbors to bring the adjacencies down in the event of other topology changes.</t> <t>This document additionally describes a mechanism for a restarting router to determine when it has achieved Link State Protocol Data Unit (LSP) database synchronization with its neighbors and a mechanism to optimize LSP databasesynchronization,synchronization while minimizing transient routing disruption when a router starts.</t> <t>This document obsoletes RFC 5306.</t> </abstract><note title="Requirements Language"> <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.</t> </note></front> <middle> <sectiontitle="Overview">numbered="true" toc="default"> <name>Overview</name> <t>The Intermediate System to Intermediate System (IS-IS) routing protocol[RFC1195] [ISO10589]<xref target="RFC1195" format="default"/> <xref target="ISO10589" format="default"/> is a link state intra-domain routing protocol. Normally, when an IS-IS router is restarted, temporary disruption of routing occurs due to events in both the restarting router and the neighbors of the restarting router.</t> <t>The router that has been restarted computes its own routes before achieving database synchronization with its neighbors. The results of this computation are likely to be non-convergent with the routes computed by other routers in the area/domain.</t> <t>Neighbors of the restarting router detect the restart event and cycle their adjacencies with the restarting router through thedownDOWN state. The cycling of the adjacency state causes the neighbors to regenerate their LSPs describing the adjacency concerned. This in turn causes a temporary disruption of routes passing through the restarting router.</t> <t>In certain scenarios, the temporary disruption of the routes is highly undesirable. This document describes mechanisms to avoid or minimize the disruption due to both of these causes.</t> <t>When an adjacency is reinitialized as a result of a neighbor restarting, a router does three things:</t><t><list style="numbers"> <t>It<ol spacing="normal" type="1"> <li>It causes its own LSP(s) to be regenerated, thus triggeringSPFShortest Path First (SPF) runs throughout the area (or in the case of Level 2, throughout thedomain).</t> <t>Itdomain).</li> <li>It sets SRMflags on its own LSP database on the adjacencyconcerned.</t> <t>Inconcerned.</li> <li>In the case of a Point-to-Point link, it transmits a complete set of Complete Sequence Number PDUs (CSNPs), over theadjacency.</t> </list></t>adjacency.</li> </ol> <t>In the case of a restarting router process, the first of these is highly undesirable, but the second is essential in order to ensure synchronization of the LSP database.</t> <t>The third action above minimizes the number of LSPs that must be exchanged and, if made reliable, provides a means of determining when the LSP databases of the neighboring routers have been synchronized. This is desirable whether or not the router is being restarted (so that the overload bit can be cleared in the router's own LSP, for example).</t> <t>This document describes a mechanism for a restarting router to signal to its neighbors that it is restarting. The mechanism further allows the neighbors to reestablish their adjacencies with the restarting router without cycling through thedown state,DOWN state while still correctly initiating database synchronization.</t> <t>This document additionally describes a mechanism for a restarting router to determine when it has achieved LSP database synchronization with its neighbors and a mechanism to optimize LSP database synchronization and minimize transient routing disruption when a router starts.</t> <t>It is assumed that the three-way handshake <xreftarget="RFC5303"/>target="RFC5303" format="default"/> is being used on Point-to-Point circuits.</t> </section> <sectiontitle="Conventionsnumbered="true" toc="default" anchor="conventions"> <name>Conventions Used in ThisDocument">Document</name> <t>If the control and forwarding functions in a router can be maintained independently, it is possible for the forwarding function state to be maintained across a resumption of control function operations. This functionality is assumed when the terms "restart/restarting" are used in this document.</t> <t>The terms "start/starting" are used to refer to a router in which the control function has either commenced operations for the first time or has resumed operations, but the forwarding functions have not been maintained in a prior state.</t> <t>The terms "(re)start/(re)starting" are used when the text is applicable to both a "starting" and a "restarting" router.</t> <t>The terms "normal IIH" or "IIH normal" refer to IS-IS Hellos (IIHs) in which the Restart TLV (defined later in this document) has no flags set.</t> <section numbered="true" toc="default"> <name>Requirements Language</name> <t> The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here. </t> </section> </section> <sectiontitle="Approach">numbered="true" toc="default"> <name>Approach</name> <sectiontitle="Timers">numbered="true" toc="default"> <name>Timers</name> <t>Three additionaltimers, T1,timers (T1, T2, andT3,T3) are required to support the mechanisms defined in this document. Timers T1 and T2 are used both by a restarting router and a starting router. Timer T3 is used only by a restarting router.</t> <t>NOTE: These timers are NOT applicable to a routerwhichthat is preparing to do a planned restart.</t> <t>An instance of the timer T1 is maintained perinterface,interface and indicates the time after which an unacknowledged (re)start attempt will be repeated. A typical value is 3 seconds.</t> <t>An instance of the timer T2 is maintained for each LSP database (LSPDB) present in the system. For example, for a Level 1/2 system, there will be an instance of the timer T2 for Level 1 and an instance for Level 2. This is the maximum time that the system will wait for LSPDB synchronization. A typical value is 60 seconds.</t> <t>A single instance of the timer T3 is maintained for the entire system. It indicates the time after which the router will declare that it has failed to achieve database synchronization (by setting the overload bit in its own LSP). This is initialized to 65535seconds,seconds but is set to the minimum of the remaining times of received IIHs containing arestartRestart TLV with the Restart Acknowledgement (RA) set and an indication that the neighbor has an adjacency in the"UP"UP state to the restarting router. (SeeSection 3.2.1a.)</t><xref target="itema" format="none">item a</xref> in <xref target="useofrrrabitssection"/>.)</t> </section> <sectiontitle="Restart TLV">numbered="true" toc="default"> <name>Restart TLV</name> <t>A new TLV is defined to be included in IIH PDUs. The TLV includes flags that are used to convey information during a (re)start. The absence of this TLV indicates that the sender supports none of the functionality defined in this document. Therefore, if a router supports any of the functionality defined in this document itMUST<bcp14>MUST</bcp14> include this TLV in all transmitted IIHs.</t><figure> <artwork><![CDATA[ Type 211 Length: Number<dl newline="true" spacing="normal"> <dt>Type:</dt><dd>211</dd> <dt>Length:</dt><dd>Number of octets in the Value field (1 to (3 + IDLength)) ValueLength))</dd> <dt>Value:</dt><dd> <artwork><![CDATA[ No. of octets +-----------------------+ | Flags | 1 +-----------------------+ | Remaining Time | 2 +-----------------------+ | Restarting Neighbor ID| ID Length +-----------------------+Flags]]></artwork> <dl newline="true" spacing="normal"> <dt>Flags (1octet)octet)</dt> <dd> <artwork><![CDATA[ 0 1 2 3 4 5 6 7 +--+--+--+--+--+--+--+--+ |Reserved|PA|PR|SA|RA|RR| +--+--+--+--+--+--+--+--+RR - Restart Request RA - Restart Acknowledgement SA - Suppress adjacency advertisement PR - Restart is planned PA - Planned restart acknowledgement Remaining]]></artwork> <dl newline="false" spacing="compact"> <dt>RR -</dt><dd>Restart Request</dd> <dt>RA -</dt><dd>Restart Acknowledgement</dd> <dt>SA -</dt><dd>Suppress adjacency advertisement</dd> <dt>PR -</dt><dd>Restart is planned</dd> <dt>PA -</dt><dd>Planned restart acknowledgement</dd> </dl> </dd> <dt>Remaining Time (2octets) Remaining holding timeoctets)</dt> <dd><t>Remaining Holding Time (inseconds). Requiredseconds).</t> <t>Required when the RA, PR, or PA bit is set.OtherwiseOtherwise, this fieldSHOULD<bcp14>SHOULD</bcp14> be omitted when sent andMUST<bcp14>MUST</bcp14> be ignored whenreceived. Restartingreceived.</t> </dd> <dt>Restarting Neighbor System ID (ID Lengthoctets) Theoctets)</dt> <dd> <t>The System ID of the neighbor to which an RA/PArefers. Requiredrefers.</t> <t>Required when the RA or PA bit is set.OtherwiseOtherwise, this fieldSHOULD<bcp14>SHOULD</bcp14> be omitted when sent andMUST<bcp14>MUST</bcp14> be ignored whenreceived. Note:received.</t> <t>Note: Very early draft versions of the restart functionality did not include the Restarting Neighbor System ID in the TLV. RFC 5306 allowed for the possibility of interoperating with legacy implementations by stating that a router that is expecting an RA on a LAN circuit should assume that the acknowledgement is directed at the local system if the TLV is received with RA set and Restarting Neighbor System ID is not present. It is an implementation choice whether to continue to accept (on a LAN) a TLV with RA set and Restarting Neighbor System ID absent. Note that the omission of the Restarting Neighbor System ID only introduces ambiguity in the case where there are multiple systems on a LAN simultaneously performingrestart. ]]></artwork> </figure>restart.</t> </dd> </dl> </dd> </dl> <t>The RR and SA flags may both be set in the TLV under the conditions described inSection 3.3.2.<xref target="adjacencyacqsection"/>. All other combinations where multiple flags are set are invalid andMUST NOT<bcp14>MUST NOT</bcp14> be transmitted. Received TLVswhichthat have invalid flag combinations setMUST<bcp14>MUST</bcp14> be ignored.</t> <sectiontitle="Usenumbered="true" toc="default" anchor="useofrrrabitssection"> <name>Use of RR and RABits">Bits</name> <t>The RR bit is used by a (re)starting router to signal to its neighbors that a (re)start is in progress, that an existing adjacencySHOULD<bcp14>SHOULD</bcp14> be maintained even under circumstances when the normal operation of the adjacency state machine would require the adjacency to be reinitialized, to request a set of CSNPs, and to request setting of the SRMflags.</t> <t>The RA bit is sent by the neighbor of a (re)starting router to acknowledge the receipt of arestartRestart TLV with the RR bit set.</t> <t>When the neighbor of a (re)starting router receives an IIH with therestartRestart TLV having the RR bit set, if there exists on this interface an adjacency in the UP state"UP"with the same SystemID, andID and, in the case of a LAN circuit, with the same source LAN address,then,then irrespective of the other contents of the "Intermediate System Neighbors" option (LAN circuits) or the "Point-to-Point Three-Way Adjacency" option (Point-to-Point circuits):</t><t><list style="letters"> <t>the<ol spacing="normal" type="a"> <li anchor="itema">the state of the adjacency is not changed. If this is the first IIH with the RR bit set that this system has received associated with this adjacency, then the adjacency is marked as being in "Restart mode" and the adjacencyholding timeHolding Time is refreshed -- otherwise, theholding timeHolding Time is not refreshed. The"remaining time"Remaining Time transmitted according to (b) belowMUST<bcp14>MUST</bcp14> reflect the actual time after which the adjacency will now expire. Receipt of an IIH with the RR bit reset will clear the "Restart mode" state. This procedure allows the restarting router to cause the neighbor to maintain the adjacency long enough for restart to successfullycomplete,complete while also preventing repetitive restarts from maintaining an adjacency indefinitely. Whether or not an adjacency is marked as being in "Restart mode" has no effect on adjacency statetransitions.</t> <t>immediatelytransitions.</li> <li>immediately (i.e., without waiting for any currently running timer interval toexpire,expire but with a small random delay of a few tens of milliseconds on LANs to avoid "storms") transmit over the corresponding interface an IIH including therestartRestart TLV with the RR bit clear and the RA bit set, in the case of Point-to-Point adjacencies having updated the "Point-to-Point Three-Way Adjacency" option to reflect any new values received from the (re)starting router. (This allows a restarting router to quickly acquire the correct information to place in its hellos.) The"Remaining Time" MUSTRemaining Time <bcp14>MUST</bcp14> be set to the current time (in seconds) before the holding timer on this adjacency is due to expire. If the corresponding interface is a LAN interface, then the Restarting Neighbor System IDSHOULD<bcp14>SHOULD</bcp14> be set to the System ID of the router from which the IIH with the RR bit set was received. This is required to correctly associate the acknowledgement andholding timeHolding Time in the case where multiple systems on a LAN restart at approximately the same time. This IIHSHOULD<bcp14>SHOULD</bcp14> be transmitted before any LSPs or SNPs are transmitted as a result of the receipt of the originalIIH.</t> <t>ifIIH.</li> <li anchor="itemc">if the corresponding interface is a Point-to-Point interface, or if the receiving router has the highest LnRouterPriority (with the highest sourceMAC (MediaMedia AccessControl)Control (MAC) address breaking ties) among those routers to which the receiving router has an adjacency in the UP state"UP"on this interface whose IIHs contain therestartRestart TLV, excluding adjacencies to all routerswhichthat are considered in "Restart mode" (note the actualDISDesignated Intermediate System (DIS) is NOT changed by this process), initiate the transmission over the corresponding interface of a complete set of CSNPs, and set SRMflags on the corresponding interface for all LSPs in the local LSPdatabase.</t> </list>Otherwisedatabase.</li> </ol> <t>Otherwise (i.e., if there was no adjacency in the"UP"UP state to the System ID in question), process the IIH as normal by reinitializing the adjacency and setting the RA bit in the returned IIH.</t> </section> <sectiontitle="Usenumbered="true" toc="default" anchor="useofsabitsection"> <name>Use of the SABit">Bit</name> <t>The SA bit is used by a starting router to request that its neighbor suppress advertisement of the adjacency to the starting router in the neighbor's LSPs.</t> <t>A router that is starting has no maintained forwarding function state. This may or may not be the first time the router has started. If this is not the first time the router has started, copies of LSPs generated by this router in its previous incarnation may exist in the LSP databases of other routers in the network. These copies are likely to appear "newer" than LSPs initially generated by the starting router due to the reinitialization of LSP fragment sequence numbers by the starting router. This may cause temporary blackholes to occur until the normal operation of the update process causes the starting router to regenerate and flood copies of its own LSPs with higher sequence numbers. The temporary blackholes can be avoided if the starting router's neighbors suppress advertising an adjacency to the starting router until the starting router has been able to propagate newer versions of LSPs generated by previous incarnations.</t> <t>When a router receives an IIH with therestartRestart TLV having the SA bit set, if there exists on this interface an adjacency in the UP state"UP"with the same SystemID, andID and, in the case of a LAN circuit, with the same source LAN address, then the routerMUST<bcp14>MUST</bcp14> suppress advertisement of the adjacency to the neighbor in its own LSPs. Until an IIH with the SA bit clear has been received, the neighbor advertisementMUST<bcp14>MUST</bcp14> continue to be suppressed. If the adjacency transitions to the"UP"UP state, the new adjacencyMUST NOT<bcp14>MUST NOT</bcp14> be advertised until an IIH with the SA bit clear has been received.</t> <t>Note that a router that suppresses advertisement of an adjacencyMUST NOT<bcp14>MUST NOT</bcp14> use this adjacency when performing its SPF calculation. In particular, if an implementation follows the example guidelines presented in[ISO10589],<xref target="ISO10589" format="default"/>, Annex C.2.5, Step 0:b) "pre-load TENT with the local adjacency database", the suppressed adjacencyMUST NOT<bcp14>MUST NOT</bcp14> be loaded into TENT.</t> </section> <sectiontitle="Usenumbered="true" toc="default"> <name>Use of PR and PABits">Bits</name> <t>The PR bit is used by a routerwhichthat is planning to initiate a restart to signal to its neighbors that it will be restarting. The router sending an IIH with PR bit setSHOULD<bcp14>SHOULD</bcp14> set the"remaining time"Remaining Time to a value greater than the expectedcontrol planecontrol-plane restart time. The PR bitSHOULD<bcp14>SHOULD</bcp14> remain set in IIHs until the restart is initiated.</t> <t>The PA bit is sent by the neighbor of a router planning to restart to acknowledge receipt of arestartRestart TLV with the PR bit set.</t> <t>When the neighbor of a router planning a restart receives an IIH with therestartRestart TLV having the PR bit set, if there exists on this interface an adjacency in the UP state"UP"with the same SystemID, andID and, in the case of a LAN circuit, with the same source LAN address, then:</t><t><list style="letters"> <t>if<ol spacing="normal" type="a"> <li>if this is the first IIH with the PR bit set that this system has received associated with this adjacency, then the adjacency is marked as being in"PlannedPlanned Restartstate"State and the adjacencyholding timeHolding Time is refreshed -- otherwise, theholding timeHolding Time is not refreshed. Theholding time SHOULDHolding Time <bcp14>SHOULD</bcp14> be set to the"remaining time"Remaining Time specified in the received IIH with PR set. The"remaining time"Remaining Time transmitted according to (b) belowMUST<bcp14>MUST</bcp14> reflect the actual time after which the adjacency will now expire. Receipt of an IIH with the PR bit reset will clear the"PlannedPlanned Restartstate"State and cause the receiving router to set the adjacencyhold timeHolding Time to the locally configured value. This procedure allows the router planning a restart to cause the neighbor to maintain the adjacency long enough for restart to successfully complete. Whether or not an adjacency is marked as being in"PlannedPlanned Restartstate"State has no effect on adjacency statetransitions.</t> <t>immediatelytransitions.</li> <li>immediately (i.e., without waiting for any currently running timer interval to expire, but with a small random delay of a few tens of milliseconds on LANs to avoid "storms") transmit over the corresponding interface an IIH including therestartRestart TLV with the PR bit clear and the PA bit set. The"Remaining Time" MUSTRemaining Time <bcp14>MUST</bcp14> be set to the current time (in seconds) before the holding timer on this adjacency is due to expire. If the corresponding interface is a LAN interface, then the Restarting Neighbor System IDSHOULD<bcp14>SHOULD</bcp14> be set to the System ID of the router from which the IIH with the PR bit set was received. This is required to correctly associate the acknowledgement andholding timeHolding Time in the case where multiple systems on a LAN are planning a restart at approximately the sametime.</t> </list></t>time.</li> </ol> <t>NOTE: Receipt of an IIH with PA bit set indicates to the router planning a restart that the neighbor is aware of the planned restart and--- in the absence of topology changes as described below--- will maintain the adjacency for the"remaining time"Remaining Time included in the IIH with PA set.</t> <t>By definition, a restarting router maintains forwarding state across thecontrol planecontrol-plane restart (seeSection 2).<xref target="conventions"/>). But while acontrol planecontrol-plane restart is inprogressprogress, it is expected that the restarting router will be unable to respond to topology changes. It is therefore useful to signal a planned restart so that the neighbors of the restarting router can determine whether it is safe to maintain the adjacency if other topology changes occur prior to the completion of the restart.SignallingSignaling a planned restart in the absence of maintainedforwarding planeforwarding-plane state is likely to lead to significant traffic loss andMUST NOT<bcp14>MUST NOT</bcp14> be done.</t> <t>Neighbors of the routerwhich hasthat have signaled planned restartSHOULD<bcp14>SHOULD</bcp14> maintain the adjacency in aplanned restart statePlanned Restart State until it receives an IIH with the RR bit set, it receives an IIH with both PR and RR bits clear, or the adjacencyholding timeHolding Time expires--- whichever occurs first. Neighborswhichthat choose not to follow the recommended behavior need to consider the impact on traffic delivery of not using the restarting router for forwarding traffic during the restart period.</t> <t>While the adjacency is inplanned restart statePlanned Restart State, some or all of the following actionsMAY<bcp14>MAY</bcp14> be taken:</t><t><list style="letters"> <t>if<ol spacing="normal" type="a"> <li>If additional topology changes occur, the adjacencywhichthat is inplanned restart state MAYPlanned Restart State <bcp14>MAY</bcp14> be brought down even though thehold timeHolding Time has not yet expired. Given that the neighborwhichthat has signaled a planned restart is not expected to update its forwarding plane in response tosignallingsignaling of the topology changes (since it is restarting) trafficwhichthat transits that node is at risk of being improperly forwarded. On a LAN circuit, if the router inplanned restart statePlanned Restart State is the DIS at any supported level, theadjacency(ies) SHOULDadjacency or adjacencies <bcp14>SHOULD</bcp14> be brought down whenever any LSP update is either generated orreceived,received so as to trigger a new DIS election. Failure to do so will compromise the reliability of theUpdate Processupdate process on that circuit. What other criteria are used to determine what topology changes will trigger bringing the adjacency down is a local implementationdecision.</t> <t>ifdecision.</li> <li>If aBFDBidirectional Forwarding Detection (BFD) <xreftarget="RFC5880"/> sessiontarget="RFC5880" format="default"/> Session to the neighborwhichthat signals a planned restart is in the UP state and subsequently goesDOWN,down, the eventMAY<bcp14>MAY</bcp14> be ignored since it is possible this is an expected side effect of the restart. Use of theControl PlaneControl-Plane Independent state assignalledsignaled in BFD control packetsSHOULD<bcp14>SHOULD</bcp14> be considered in the decision to ignore a BFD Session DOWNevent.</t> <t>onevent.</li> <li>On a Point-to-Point circuit, transmission of LSPs, CSNPs, andPSNPs MAYPartial Sequence Number PDU (PSNPs) <bcp14>MAY</bcp14> be suppressed. It is expected that the PDUs will not bereceived.</t> </list></t>received.</li> </ol> <t>Use of the PR bit provides a means to safely support restart periodswhichthat are significantly longer than standardholdtimes.</t>Holding Times.</t> </section> </section> <sectiontitle="Adjacency (Re)Acquisition">numbered="true" toc="default"> <name>Adjacency (Re)Acquisition</name> <t>Adjacency (re)acquisition is the first step in (re)initialization. Restarting and starting routers will make use of the RR bit in therestartRestart TLV, though each will use it at different stages of the (re)start procedure.</t> <sectiontitle="Adjacencynumbered="true" toc="default" anchor="adjacencyreacqsection"> <name>Adjacency Reacquisition duringRestart">Restart</name> <t>The restarting router explicitly notifies its neighbor that the adjacency is beingreacquired, and hencereacquired and, hence, that itSHOULD NOT<bcp14>SHOULD NOT</bcp14> reinitialize the adjacency. This is achieved by setting the RR bit in therestartRestart TLV. When the neighbor of a restarting router receives an IIH with therestartRestart TLV having the RR bit set, if there exists on this interface an adjacency in the UP state"UP"with the same SystemID, andID and, in the case of a LAN circuit, with the same source LAN address, then the procedures described inSection 3.2.1<xref target="useofrrrabitssection"/> are followed.</t> <t>A router that does not support the restart capability will ignore therestartRestart TLV and reinitialize the adjacency as normal, returning an IIH without therestartRestart TLV.</t> <t>On restarting, a router initializes the timer T3, starts the timer T2 for each LSPDB, and for each interface (and in the case of a LAN circuit, for each level) starts the timer T1 and transmits an IIH containing therestartRestart TLV with the RR bit set.</t> <t>On a Point-to-Point circuit, the restarting routerSHOULD<bcp14>SHOULD</bcp14> set the "Adjacency Three-Way State" to "Init", because the receipt of the acknowledging IIH (with RA set)MUST<bcp14>MUST</bcp14> cause the adjacency to enter the"UP"UP state immediately.</t> <t>On a LAN circuit, the LAN-ID assigned to the circuitSHOULD<bcp14>SHOULD</bcp14> be the same as that used prior to the restart. In particular, for any circuits for which the restarting router was previously DIS, the use of a different LAN-ID would necessitate the generation of a new set of pseudonodeLSPs,LSPs and corresponding changes in all the LSPs referencing them from other routers on the LAN. By preserving the LAN-ID across the restart, this churn can be prevented. To enable a restarting router to learn the LAN-ID used prior to restart, the LAN-ID specified in an IIH with RR setMUST<bcp14>MUST</bcp14> be ignored.</t> <t>Transmission of "normal IIHs" is inhibited until the conditions described below are met (in order to avoid causing an unnecessary adjacency initialization). Upon expiry of the timer T1, it is restarted and the IIH is retransmitted as above.</t> <t>When a restarting router receives an IIH a local adjacency is established as usual, and if the IIH contains arestartRestart TLV with the RA bit set (and on LAN circuits with a Restart Neighbor System ID that matches that of the local system), the receipt of the acknowledgement over that interface is noted. When the RA bit is set and the state of the remote adjacency is"UP",UP, then the timer T3 is set to the minimum of its current value and the value of the"Remaining Time"Remaining Time field in the received IIH.</t> <t>On a Point-to-Point link, receipt of an IIH not containing therestartRestart TLV is also treated as an acknowledgement, since it indicates that the neighbor is not restart capable. However, since no CSNP is guaranteed to be received over this interface, the timer T1 iscancelledcanceled immediately without waiting for a complete set of CSNPs. Synchronization may therefore be deemed complete even though there are some LSPswhichthat are held (only) by this neighbor (seeSection 3.4).<xref target="dbsyncsection"/>). In this case, we also want to be certain that the neighbor will reinitialize the adjacency in order to guarantee that the SRMflags have been set on its database, thus ensuring eventual LSPDB synchronization. This is guaranteed to happen except in the case where the Adjacency Three-Way State in the received IIH is"UP"UP and the Neighbor Extended Local Circuit ID matches theextended local circuitExtended Local Circuit ID assigned by the restarting router. In this case, the restarting routerMUST<bcp14>MUST</bcp14> force the adjacency to reinitialize by setting the local Adjacency Three-Way State to"DOWN"DOWN and sending a normal IIH.</t> <t>In the case of a LAN interface, receipt of an IIH not containing therestartRestart TLV is unremarkable since synchronization can still occur so long as at least one of the non-restarting neighboring routers on the LAN supports restart. Therefore, T1 continues to run in this case. If none of the neighbors on the LAN are restart capable, T1 will eventually expire after the locally defined number of retries.</t> <t>In the case of a Point-to-Point circuit, the"LocalCircuitID"LocalCircuitID and"ExtendedExtended Local CircuitID"ID information contained in the IIH can be used immediately to generate an IIH containing the correct three-way handshake information. The presence of"NeighborNeighbor Extended Local CircuitID"ID information that does not match the value currently in use by the local system is ignored (since the IIH may have been transmitted before the neighbor had received the new value from the restarting router), but the adjacency remains in the initializing state until the correct information is received.</t> <t>In the case of a LAN circuit, the source neighbor information (e.g., SNPAAddress) is recorded and used for adjacency establishment and maintenance as normal.</t> <t>When BOTH a complete set of CSNPs (for each active level, in the case of a Point-to-Point circuit) and an acknowledgement have been received over the interface, the timer T1 iscancelled.</t>canceled.</t> <t>Once the timer T1 has beencancelled,canceled, subsequent IIHs are transmitted according to the normalalgorithms,algorithms but including therestartRestart TLV with both RR and RA clear.</t> <t>If a LAN contains a mixture of systems, only some of which support the new algorithm, database synchronization is still guaranteed, but the "old" systems will have reinitialized their adjacencies.</t> <t>If an interface isactive,active but does not have any neighboring router reachable over that interface, the timer T1 would never becancelled,canceled, and according toSection 3.4.1.1,<xref target="restartingsection"/>, the SPF would never be run. Therefore, timer T1 iscancelledcanceled after some predetermined number of expirations (whichMAY<bcp14>MAY</bcp14> be 1).</t> </section> <sectiontitle="Adjacencynumbered="true" toc="default" anchor="adjacencyacqsection"> <name>Adjacency Acquisition duringStart">Start</name> <t>The starting router wants to ensure that in the event that a neighboring router has an adjacency to the starting router in the"UP"UP state (from a previous incarnation of the starting router), this adjacency is reinitialized. The starting router also wants neighboring routers to suppress advertisement of an adjacency to the starting router until LSP database synchronization is achieved. This is achieved by sending IIHs with the RR bit clear and the SA bit set in therestartRestart TLV. The RR bit remains clear and the SA bit remains set in subsequent transmissions of IIHs until the adjacency has reached the"UP"UP state and the initial T1 timer interval (see below) has expired.</t> <t>Receipt of an IIH with the RR bit clear will result in the neighboring router utilizing normal operation of the adjacency state machine. This will ensure that any old adjacency on the neighboring router will be reinitialized.</t> <t>Upon receipt of an IIH with the SA bit set, the behavior described inSection 3.2.2<xref target="useofsabitsection"/> is followed.</t> <t>Upon starting, a router starts timer T2 for each LSPDB.</t> <t>For each interface (and in the case of a LAN circuit, for each level), when an adjacency reaches the"UP"UP state, the starting router starts a timer T1 and transmits an IIH containing the restart TLV with the RR bit clear and SA bit set. Upon expiry of the timer T1, it is restarted and the IIH is retransmitted with both RR and SA bits set (only the RR bit has changed state from earlier IIHs).</t> <t>Upon receipt of an IIH with the RR bit set (regardless of whether or not the SA bit is set), the behavior described inSection 3.2.1<xref target="useofrrrabitssection"/> is followed.</t> <t>When an IIH is received by the starting router and the IIH contains arestartRestart TLV with the RA bit set (and on LAN circuits with a Restart Neighbor System ID that matches that of the local system), the receipt of the acknowledgement over that interface is noted.</t> <t>On a Point-to-Point link, receipt of an IIH not containing therestartRestart TLV is also treated as an acknowledgement, since it indicates that the neighbor is not restart capable. Since the neighbor will have reinitialized the adjacency, this guarantees that SRMflags have been set on its database, thus ensuring eventual LSPDB synchronization. However, since no CSNP is guaranteed to be received over this interface, the timer T1 iscancelledcanceled immediately without waiting for a complete set of CSNPs. Synchronization may therefore be deemed complete even though there are some LSPs that are held (only) by this neighbor (seeSection 3.4).</t><xref target="dbsyncsection"/>).</t> <t>In the case of a LAN interface, receipt of an IIH not containing therestartRestart TLV is unremarkable since synchronization can still occur so long as at least one of the non-restarting neighboring routers on the LAN supports restart. Therefore, T1 continues to run in this case. If none of the neighbors on the LAN are restart capable, T1 will eventually expire after the locally defined number of retries. The usual operation of the update process will ensure that synchronization is eventually achieved.</t> <t>When BOTH a complete set of CSNPs (for each active level, in the case of a Point-to-Point circuit) and an acknowledgement have been received over the interface, the timer T1 iscancelled.canceled. Subsequent IIHs sent by the starting router have the RR and RA bits clear and the SA bit set in therestartRestart TLV.</t> <t>Timer T1 iscancelledcanceled after some predetermined number of expirations (whichMAY<bcp14>MAY</bcp14> be 1).</t> <t>When the T2 timer(s) arecancelledcanceled or expire, transmission of "normal IIHs" will begin.</t> </section> <sectiontitle="Multiple Levels">numbered="true" toc="default"> <name>Multiple Levels</name> <t>A router that is operating as both a Level 1 and a Level 2 router on a particular interfaceMUST<bcp14>MUST</bcp14> perform the above operations for each level.</t> <t>On a LAN interface, itMUST<bcp14>MUST</bcp14> send and receive both Level 1 and Level 2 IIHs and perform the CSNP synchronizations independently for each level.</t> <t>On a Point-to-Point interface, only a single IIH (indicating support for both levels) is required, but itMUST<bcp14>MUST</bcp14> perform the CSNP synchronizations independently for each level.</t> </section> </section> <sectiontitle="Database Synchronization">numbered="true" toc="default" anchor="dbsyncsection"> <name>Database Synchronization</name> <t>When a router is started or restarted, it can expect to receive a complete set of CSNPs over each interface. The arrival of the CSNP(s) is now guaranteed, since an IIH with the RR bit set will be retransmitted until the CSNP(s) are correctly received.</t> <t>The CSNPs describe the set of LSPs that are currently held by each neighbor. Synchronization will be complete when all these LSPs have been received.</t> <t>When (re)starting, a router starts an instance of timer T2 for eachLSPDBLSPDB, as described inSection 3.3.1<xref target="adjacencyreacqsection"/> orSection 3.3.2.<xref target="adjacencyacqsection"/>. In addition to normal processing of the CSNPs, the set of LSPIDs contained in the first complete set of CSNPs received over each interface is recorded, together with their remaining lifetime. In the case of a LAN interface, a complete set of CSNPsMUST<bcp14>MUST</bcp14> consist of CSNPs received from neighbors that are not restarting. If there are multiple interfaces on the (re)starting router, the recorded set of LSPIDs is the union of those received over each interface. LSPs with a remaining lifetime of zero are NOT so recorded.</t> <t>As LSPs are received (by the normal operation of the update process) over any interface, the corresponding LSPID entry is removed (it is also removed if an LSP arrives before the CSNP containing the reference). When an LSPID has been held in the list for its indicated remaining lifetime, it is removed from the list. When the list of LSPIDs is empty and the timer T1 has beencancelledcanceled for all the interfaces that have an adjacency at this level, the timer T2 iscancelled.</t>canceled.</t> <t>At this point, the local database is guaranteed to contain all the LSP(s) (either the same sequence number or a more recent sequence number) that were present in the neighbors' databases at the time of (re)starting. LSPs that arrived in a neighbor's database after the time of (re)starting may or may not be present, but the normal operation of the update process will guarantee that they will eventually be received. At this point, the local database is deemed to be "synchronized".</t> <t>Since LSPs mentioned in the CSNP(s) with a zero remaining lifetime are notrecorded,recorded and those with a short remaining lifetime are deleted from the list when the lifetime expires, cancellation of the timer T2 will not be prevented by waiting for an LSP that will never arrive.</t> <sectiontitle="LSPnumbered="true" toc="default"> <name>LSP Generation and Flooding and SPFComputation">Computation</name> <t>The operation of a router starting, as opposed to restarting, is somewhat different. These two cases are dealt with separately below.</t> <sectiontitle="Restarting">numbered="true" toc="default" anchor="restartingsection"> <name>Restarting</name> <t>In order to avoid causing unnecessary routing churn in other routers, it is highly desirable that the router's own LSPs generated by the restarting system are the same as those previously present in the network (assuming no other changes have taken place). It is important therefore not to regenerate and flood the LSPs until all the adjacencies have beenre-establishedreestablished and any information required for propagation into the local LSPs is fully available. Ideally, the information is loaded into the LSPs in a deterministic way, such that the same information occurs in the same place in the same LSP (and hence the LSPs are identical to their previous versions). If this can be achieved, the new versions may not even cause SPF to be run in other systems. However, provided the same information is included in the set of LSPs (albeit in a different order, and possibly different LSPs), the result of running the SPF will be the same and will not cause churn to the forwarding tables.</t> <t>In the case of a restarting router, none of the router's own LSPs are transmitted, nor are the router's own forwarding tables updated while the timer T3 is running.</t> <t>Redistribution of inter-level informationMUST<bcp14>MUST</bcp14> be regenerated before this router's LSP is flooded to other nodes. Therefore, the Level-n non-pseudonode LSP(s)MUST NOT<bcp14>MUST NOT</bcp14> be flooded until the other level's T2 timer has expired and its SPF has been run. This ensures that any inter-level information that is to be propagated can be included in the Level-n LSP(s).</t> <t>During this period, if one of the router's own (including pseudonodes) LSPs is received, which the local router does not currently have in its own database, it is NOT purged. Under normal operation, such an LSP would be purged, since the LSP clearly should not be present in the global LSP database. However, in the present circumstances, this would be highly undesirable, because it could cause premature removal of a router's own LSP -- and hence churn in remote routers. Even if the local system has one or more of the router's own LSPs (which it hasgenerated,generated but not yet transmitted), it is still not valid to compare the received LSP against this set, since it may be that as a result of propagation between Level 1 and Level 2 (or vice versa), a further router's own LSP will need to be generated when the LSP databases have synchronized.</t> <t>During this period, a restarting routerSHOULD<bcp14>SHOULD</bcp14> send CSNPs as it normally would. Information about the router's own LSPsMAY<bcp14>MAY</bcp14> be included, but if it isincludedincluded, itMUST<bcp14>MUST</bcp14> be based on LSPs that have been received, not on versions that have been generated (but not yet transmitted). This restriction is necessary to prevent premature removal of an LSP from the global LSP database.</t> <t>When the timer T2 expires or iscancelledcanceled, indicating that synchronization for that level is complete, the SPF for that level is run in order to derive any information that is required to be propagated to another level, but the forwarding tables are not yet updated.</t> <t>Once the other level's SPF has run and any inter-level propagation has been resolved, the router's own LSPs can be generated and flooded. Any own LSPs that were previously ignored, but that are not part of the current set of own LSPs (including pseudonodes),MUST<bcp14>MUST</bcp14> then be purged. Note that it is possible that a Designated Router change may have takenplace, and consequentlyplace and, consequently, the routerSHOULD<bcp14>SHOULD</bcp14> purge those pseudonode LSPs that it previouslyowned,owned but that are now no longer part of its set of pseudonode LSPs.</t> <t>When all the T2 timers have expired or beencancelled,canceled, the timer T3 iscancelledcanceled, and the local forwarding tables are updated.</t> <t>If the timer T3 expires before all the T2 timers have expired or beencancelled,canceled, this indicates that the synchronization process is taking longer than the minimumholding timeHolding Time of the neighbors. The router's own LSP(s) for levels that have not yet completed their first SPF computation are then flooded with the overload bit set to indicate that the router's LSPDB is not yet synchronized (and therefore other routersMUST NOT<bcp14>MUST NOT</bcp14> compute routes through this router). Normal operation of the update process resumes, and the local forwarding tables are updated. In order to prevent the neighbor's adjacencies from expiring, IIHs with the normal interface value for theholding timeHolding Time are transmitted over all interfaces with neither RR nor RA set in therestartRestart TLV. This will cause the neighbors to refresh their adjacencies. The router's own LSP(s) will continue to have the overload bit set until timer T2 has expired or beencancelled.</t>canceled.</t> </section> <sectiontitle="Starting">numbered="true" toc="default"> <name>Starting</name> <t>In the case of a starting router, as soon as each adjacency is established, and before any CSNP exchanges, the router's own zeroth LSP is transmitted with the overload bit set. This prevents other routers from computing routes through the router until it has reliably acquired the complete set of LSPs. The overload bit remains set in subsequent transmissions of the zeroth LSP (such as will occur if a previous copy of the router's own zeroth LSP is still present in the network) while any timer T2 is running.</t> <t>When all the T2 timers have beencancelled,canceled, the router's own LSP(s)MAY<bcp14>MAY</bcp14> be regenerated with the overload bit clear (assuming the router is not in fact overloaded, and there is no other reason, such as incomplete BGP convergence, to keep the overload bit set) and flooded as normal.</t> <t>Other LSPs owned by this router (including pseudonodes) are generated and flooded as normal, irrespective of the timer T2. The SPF is also run as normal and the Routing Information Base (RIB) and Forwarding Information Base (FIB) updated as routes become available.</t> <t>To avoid the possible formation of temporary blackholes, the starting router sets the SA bit in therestartRestart TLV (as described inSection 3.3.2)<xref target="adjacencyacqsection"/>) in all IIHs that it sends.</t> <t>When all T2 timers have beencancelled,canceled, the starting routerMUST<bcp14>MUST</bcp14> transmit IIHs with the SA bit clear.</t> </section> </section> </section> </section> <sectiontitle="State Tables">numbered="true" toc="default"> <name>State Tables</name> <t>This section presents state tables that summarize the behaviors described in this document. Other behaviors, in particular adjacency state transitions and LSP database updateoperation,operations, are NOT included in the state tables except where this document modifies the behaviors described in <xreftarget="ISO10589"/>target="ISO10589" format="default"/> and <xreftarget="RFC5303"/>.</t>target="RFC5303" format="default"/>.</t> <t>The states named in the columns of the tables below are a mixture of states that are specific to a single adjacency (ADJ suppressed, ADJ Seen RA, ADJ Seen CSNP) and states that are indicative of the state of the protocol instance (Running, Restarting, Starting, SPF Wait).</t> <t>Three state tables are presented from the point of view of a running router, a restarting router, and a starting router.</t> <sectiontitle="Running Router"> <t><figure> <artwork><![CDATA[ Event | Running | ADJ suppressed ============================================================== RX PR | Setnumbered="true" toc="default"> <name>Running Router</name> <table anchor="table1"> <name>Running Router</name> <thead> <tr> <th>Event</th> <th>Running</th> <th>ADJ suppressed</th> </tr> </thead> <tbody> <tr> <td>RX PR</td> <td><t>Set Planned Restart| | state. | |State<br/> Updatehold time |Holding Time<br/> SendPA | -------------+----------------------+------------------------- RXPA</t></td> <td></td> </tr> <tr> <td>RX PR clr| Clear Planned |and RRclr |clr</td> <td><t>Clear Planned RestartState | |State<br/> RestoreholdtimeHolding Time to| |localvalue | -------------+----------------------+------------------------- RX RR | Maintainvalue</t></td> <td></td> </tr> <tr> <td>RX RR</td> <td> <t>Maintain ADJState | |State<br/> SendRA | |RA<br/> SetSRM,sendSRM, send CSNP| | (Note 1) | |(<xref target="note1" format="none">Note 1</xref>)<br/> UpdateHold Time, | |Holding Time,<br/> set Restart Mode| | (Note 2) | -------------+----------------------+------------------------- RX(<xref target="note2" format="none">Note 2</xref>)</t> </td> <td></td> </tr> <tr> <td>RX RRclr | Clrclr</td> <td>Clr Restartmode | -------------+----------------------+------------------------- RX SA | Suppressmode</td> <td></td> </tr> <tr> <td>RX SA</td> <td> <t>Suppress IS neighbor| |TLV inLSP(s) | |LSP&wj;(s)<br/> Goto ADJSuppressed | -------------+----------------------+------------------------- RXSuppressed</t> </td> <td></td> </tr> <tr> <td>RX SAclr | |Unsuppressclr</td> <td></td> <td> <t>Unsuppress IS neighbor| |TLV inLSP(s) | |Goto Running ============================================================== Note 1: CSNPsLSP&wj;(s)<br/> Goto Running</t> </td> </tr> </tbody> </table> <ol type="Note %d:"> <li anchor="note1">CSNPs are sent by routers in accordance withSection 3.2.1c Note 2: If<xref target="itemc" format="none">item c</xref> in <xref target="useofrrrabitssection"/></li> <li anchor="note2">If Restart Modeclear ]]></artwork> </figure></t>clear</li> </ol> </section> <sectiontitle="Restarting Router"> <t><figure> <artwork><![CDATA[ Event | Restarting |numbered="true" toc="default"> <name>Restarting Router</name> <table anchor="table2"> <name>Restarting Router</name> <thead> <tr> <th>Event</th> <th>Restarting</th> <th>ADJ Seen RA</th> <th>ADJ Seen CSNP</th> <th>SPF Wait</th> </tr> </thead> <tbody> <tr> <td>Restart planned</td> <td>Send PR</td> <td></td> <td></td> <td></td> </tr> <tr> <td>Planned restart canceled</td> <td>Send PR clr</td> <td></td> <td></td> <td></td> </tr> <tr> <td>RX PA</td> <td>Proceed with planned restart</td> <td></td> <td></td> <td></td> </tr> <tr> <td>Router restarts</td> <td> <t>Send IIH/RR<br/> ADJ Init<br/> Start T1, T2, T3</t> </td> <td></td> <td></td> <td></td> </tr> <tr> <td>RX RR</td> <td>Send RA</td> <td></td> <td></td> <td></td> </tr> <tr> <td>RX RA</td> <td><t>Adjust T3<br/> Goto ADJ Seen|RA</t></td> <td></td> <td><t>Cancel T1<br/> Adjust T3</t></td> <td></td> </tr> <tr> <td>RX CSNP set</td> <td>Goto ADJ Seen| SPF Wait | | RA | CSNP | =================================================================== Restart | Send PR | | | planned | | | | ------------+--------------------+-----------+-----------+------------ Planned | Send PR clr | | | restart | | | | canceled | | | | ------------+--------------------+-----------+-----------+------------ RX PA | Proceed with | | | | planned restart | | | ------------+--------------------+-----------+-----------+------------ Router | Send IIH/RR | | | restarts | ADJ Init | | | | Start T1,T2,T3 | | | ------------+--------------------+-----------+-----------+------------ RX RR | Send RA | | | ------------+--------------------+-----------+-----------+------------ RX RA | Adjust T3 | | Cancel T1 | | Goto ADJ Seen RA | | Adjust T3 | ----------- +--------------------+-----------+-----------+------------ RX CSNP set| Goto ADJ Seen CSNP | Cancel T1 | | ------------+--------------------+-----------+-----------+------------ RXCSNP</td> <td>Cancel T1</td> <td></td> <td></td> </tr> <tr> <td>RX IIH w/o| Cancel T1 (Point- | | |RestartTLV| to-point only) | | | ------------+--------------------+-----------+-----------+------------TLV</td> <td>Cancel T1expires | Send IIH/RR |Send IIH/RR|Send IIH/RR| |(Point-to-point only)</td> <td></td> <td></td> <td></td> </tr> <tr> <td>T1 expires</td> <td> <t>Send IIH/RR<br/> RestartT1 |T1</t> </td> <td> <t>Send IIH/RR<br/> RestartT1|T1</t> </td> <td> <t>Send IIH/RR<br/> RestartT1| ------------+--------------------+-----------+-----------+------------ T1T1</t> </td> <td></td> </tr> <tr> <td>T1 expires| Send IIH/ | Send IIH/ | Send IIH/ |nthtime | normal | normal | normal | ------------+--------------------+-----------+-----------+------------ T2 expires | Trigger SPF | | | |time</td> <td>Send IIH/normal</td> <td>Send IIH/normal</td> <td>Send IIH/normal</td> <td></td> </tr> <tr> <td>T2 expires</td> <td><t>Trigger SPF<br/> Goto SPFWait | | | ------------+--------------------+-----------+-----------+------------ T3 expires | SetWait</t></td> <td></td> <td></td> <td></td> </tr> <tr> <td>T3 expires</td> <td><t>Set overloadbit | | | |bit<br/> Flood localLSPs | | | |LSPs<br/> Update fwdplane | | | ------------+--------------------+-----------+-----------+------------ LSPplane</t></td> <td></td> <td></td> <td></td> </tr> <tr> <td>LSP DBSync| Cancel T2,Sync</td> <td><t>Cancel T2 andT3 | | | |T3<br/> TriggerSPF | | | |SPF<br/> Goto SPFwait | | | ------------+--------------------+-----------+-----------+------------ Allwait</t></td> <td></td> <td></td> <td></td> </tr> <tr> <td>All SPF| | | | Clear done | | | |done</td> <td></td> <td></td> <td></td> <td><t>Clear overloadbit | | | |bit<br/> Update fwd| | | | plane | | | |plane<br/> Flood local| | | | LSPs | | | |LSPs<br/> GotoRunning ====================================================================== ]]></artwork> </figure></t>Running</t></td> </tr> </tbody> </table> </section> <sectiontitle="Starting Router"> <t><figure> <artwork><![CDATA[ Event | Starting | ADJnumbered="true" toc="default"> <name>Starting Router</name> <table anchor="table3"> <name>Starting Router</name> <thead> <tr> <th>Event</th> <th>Starting</th> <th>ADJ SeenRA| ADJRA</th> <th>ADJ SeenCSNP ============================================================= Router | Send IIH/SA | | starts |CSNP</th> </tr> </thead> <tbody> <tr> <td>Router starts</td> <td><t>Send IIH/SA<br/> StartT1,T2 | | -------------+-------------------+------------+--------------- RX RR | Send RA | | -------------+-------------------+------------+--------------- RX RA | GotoT1 and T2</t></td> <td></td> <td></td> </tr> <tr> <td>RX RR</td> <td>Send RA</td> <td></td> <td></td> </tr> <tr> <td>RX RA</td> <td>Goto ADJ SeenRA | | Cancel T1 -------------+-------------------+------------+--------------- RXRA</td> <td></td> <td>Cancel T1</td> </tr> <tr> <td>RX CSNPSet | GotoSet</td> <td>Goto ADJ SeenCSNP| Cancel T1 | -------------+-------------------+------------+--------------- RXCSNP</td> <td>Cancel T1</td> <td></td> </tr> <tr> <td>RX IIH w| Cancel T1 | |no Restart| (Point-to-Point | | TLV | only) | | -------------+-------------------+------------+--------------- ADJ UP | StartTLV</td> <td>Cancel T1| | |(Point-to-Point only)</td> <td></td> <td></td> </tr> <tr> <td>ADJ UP</td> <td><t>Start T1<br/> Send local LSPs| | |with overloadbit| | | set | | -------------+-------------------+------------+--------------- T1 expires | Send IIH/RR |Send IIH/RR | Sendbit set</t></td> <td></td> <td></td> </tr> <tr> <td>T1 expires</td> <td> <t>Send IIH/RR|andSA | and SA |SA<br/> Restart T1</t> </td> <td><t>Send IIH/RR andSA |SA<br/> RestartT1 |Restart T1 |T1</t></td> <td><t>Send IIH/RR and SA<br/> RestartT1 -------------+-------------------+------------+--------------- T1T1</t></td> </tr> <tr> <td>T1 expires| Send IIH/SA |Send IIH/SA | Send IIH/SAnthtime | | | -------------+-------------------+------------+--------------- T2 expires | Cleartime</td> <td>Send IIH/SA</td> <td>Send IIH/SA</td> <td>Send IIH/SA</td> </tr> <tr> <td>T2 expires</td> <td><t>Clear overloadbit| | |bit<br/> Send IIHnormal | | |normal<br/> GotoRunning | | -------------+-------------------+------------+--------------- LSPRunning</t></td> <td></td> <td></td> </tr> <tr> <td>LSP DBSync | Cancel T2 | | |Sync</td> <td><t>Cancel T2<br/> Clear overloadbit| | |bit<br/> Send IIHnormal | | ============================================================== ]]></artwork> </figure></t>normal</t></td> <td></td> <td></td> </tr> </tbody> </table> </section> </section> <section anchor="IANA"title="IANA Considerations">numbered="true" toc="default"> <name>IANA Considerations</name> <t>This document defines the following IS-IS TLV that is listed in theIS-IS TLV codepoint registry:</t> <t><figure> <artwork><![CDATA[ Type Description IIH LSP SNP Purge ---- ------------------------------ --- --- --- ----- 211 Restart"IS-IS TLVy n n n ]]></artwork> </figure>IANA is requested to updateCodepoints" registry.</t> <table anchor="ianatable" align="left"> <thead> <tr> <th>Type</th> <th>Description</th> <th>IIH</th> <th>LSP</th> <th>SNP</th> <th>Purge</th> </tr> </thead> <tbody> <tr> <td>211</td> <td>Restart TLV</td> <td>y</td> <td>n</td> <td>n</td> <td>n</td> </tr> </tbody> </table> <t>IANA has updated the entry in registry to point to this document.</t> </section> <section anchor="Security"title="Security Considerations">numbered="true" toc="default"> <name>Security Considerations</name> <t>Any new security issues raised by the procedures in this document depend upon the ability of an attacker to inject a false but apparently valid IIH, the ease/difficulty of which has not been altered.</t> <t>If the RR bit is set in a false IIH, neighbors who receive such an IIH will continue to maintain an existing adjacency in the"UP"UP state and may (re)send a complete set of CSNPs. While the latter action is wasteful, neither action causes any disruption in correct protocol operation.</t> <t>If the RA bit is set in a false IIH, a (re)starting router that receives such an IIH may falsely believe that there is a neighbor on the corresponding interface that supports the procedures described in this document. In the absence of receipt of a complete set of CSNPs on that interface, this could delay the completion of (re)start procedures by requiring the timer T1 to time out the locally defined maximum number of retries. This behavior is the same as would occur on a LAN where none of the (re)starting router's neighbors support the procedures in this document and is covered in Sections3.3.1<xref target="adjacencyreacqsection" format="counter"/> and3.3.2.</t><xref target="adjacencyacqsection" format="counter"/>.</t> <t>If the SA bit is set in a false IIH, this could cause suppression of the advertisement of an IS neighbor, which could either continue for an indefinite period or occur intermittently with the result being a possible loss of reachability to some destinations in the network and/or increased frequency of LSP flooding and SPF calculation.</t> <t>If the PR bit is set in a false IIH, neighbors who receive such an IIH could modify theholding timeHolding Time of an existing adjacency inappropriately. In the event of topology changes, the neighbor might also choose to not flood the topology updates and/or bring the adjacency down in the false belief that the forwarding plane of the router identified as the source of the false IIH is not currently processing announced topology changes. This would result in unnecessary forwarding disruption.</t> <t>If the PA bit is set in a false IIH, a router that receives such an IIH may falsely believe that the neighbor on the corresponding interface supports the planned restart procedures defined in this document. If such a router is planning torestartrestart, it might then proceed to initiate a restart in the false expectation that the neighbor has updated itsholding timeHolding Time as requested. This may result in the neighbor bringing down the adjacency while the receiving router is restarting, causing unnecessary disruption to forwarding.</t> <t>The possibility of IS-IS PDU spoofing can be reduced by the use ofauthenticationauthentication, as described in[RFC1195]<xref target="RFC1195" format="default"/> and[ISO10589],<xref target="ISO10589" format="default"/>, and especially by the use of cryptographicauthenticationauthentication, as described in <xreftarget="RFC5304"/>target="RFC5304" format="default"/> and <xreftarget="RFC5310"/>.</t>target="RFC5310" format="default"/>.</t> </section> <sectiontitle="Manageability Considerations">numbered="true" toc="default"> <name>Manageability Considerations</name> <t>These extensions that have been designed, developed, and deployed for many years do not have any new impact on management and operation of the IS-IS protocol via this standardization process.</t> </section><section anchor="Acknowledgements" title="Acknowledgements"> <t>For RFC 5306 the authors acknowledged contributions made by Jeff Parker, Radia Perlman, Mark Schaefer, Naiming Shen, Nischal Sheth, Russ White, and Rena Yang.</t> <t>The authors of this updated version acknowledge the contribution of Mike Shand, co-auther of RFC 5306.</t> </section></middle> <back><references title="Normative References"><references> <name>Normative References</name> <reference anchor="ISO10589"> <front><title>Intermediate system<title>Information technology -- Telecommunications and information exchange between systems -- Intermediate System to IntermediatesystemSystem intra-domain routeing information exchange protocol for use in conjunction with the protocol for providing the connectionless-modeNetwork Servicenetwork service (ISO 8473)</title> <seriesInfo name="ISO/IEC" value="10589:2002, Second Edition"/> <author> <organization abbrev="ISO">International Organization for Standardization</organization> </author> <datemonth="Nov"month="November" year="2002"/> </front><seriesInfo name="ISO/IEC" value="10589:2002, Second Edition"/></reference><?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.1195.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5303.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5304.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5310.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5880.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml"?><xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.1195.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5303.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5304.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5310.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5880.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> </references> <sectiontitle="Summarynumbered="true" toc="default"> <name>Summary of Changes from RFC5306">5306</name> <t>This document extends RFC 5306 by introducing support forsignallingsignaling the neighbors of a restarting router that a planned restart is about to occur. This allows the neighbors to be aware of the state of the restarting router so that appropriate action may be taken if other topology changes occur while the planned restart is in progress. Since the forwarding plane of the restarting router is maintained based upon the pre-restart state of the network, additional topology changes introduce the possibility that traffic may be lost if paths via the restarting router continue to be used while the restart is in progress.</t> <t>In support of this newfunctionalityfunctionality, two new flags have been introduced:</t><t><figure> <artwork><![CDATA[ PR - Restart is planned PA - Planned<dl newline="false" spacing="normal" indent="2"> <dt>PR -</dt> <dd>Restart is planned</dd> <dt>PA -</dt> <dd>Planned restartacknowledgement ]]></artwork> </figure></t>acknowledgement</dd> </dl> <t>No changes to thepost restartpost-restart exchange between the restarting router and its neighbors have been introduced.</t> </section> <section anchor="Acknowledgements" numbered="false" toc="default"> <name>Acknowledgements</name> <t>For RFC 5306, the authors acknowledged contributions made by <contact fullname="Jeff Parker"/>, <contact fullname="Radia Perlman"/>, <contact fullname="Mark Schaefer"/>, <contact fullname="Naiming Shen"/>, <contact fullname="Nischal Sheth"/>, <contact fullname="Russ White"/>, and <contact fullname="Rena Yang"/>.</t> <t>The authors of this updated document acknowledge the contribution of <contact fullname="Mike Shand"/>, coauthor of RFC 5306.</t> </section> <!-- [rfced] FYI, we are aware of a defect in the PDF output and have reported it as a ticket for xml2rfc (https://trac.tools.ietf.org/tools/xml2rfc/trac/ticket/489). --> </back> </rfc>